×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
galsegal
Explorer
Member since: ‎07-16-2020
‎07-23-2020
Community Statistics
Posts 6
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎07-16-2020
Activity Feed
View All

Re: Correlation of 2 fields within json array

by in Splunk Enterprise
‎07-20-2020 03:16 AM
‎07-20-2020 03:16 AM
This was not 100% the solution but it indeed got me there 🙂 Thank you very much, sir. ... View more

Correlation of 2 fields within json array

by in Splunk Enterprise
‎07-20-2020 01:32 AM
‎07-20-2020 01:32 AM
Hey All,   What I'm trying to do is to build a search query that correlates between fields like in the below example: I need that where message.anomaly.features{}.anomaly has a true value, then to output a new field with the corresponding fields below - 23, location (Even only one of them is good for me)   How can I accomplish that?   Thank you, ... View more
Labels

Re: Indexing Json Array field

by in Splunk Enterprise
‎07-19-2020 07:50 AM
‎07-19-2020 07:50 AM
Hi niketnilay,   Thanks for stepping in, appreciate the prompt response. I might have phrased my question not so clear, what I’m trying to do is Ivactually need to know which of the indexes has the 'true' value in this.  The best solution for me will be some kind of way to iterate this structure like in programming- message.anomaly.features.anomaly{}[0],message.anomaly.features.anomaly{}[1] and so on.. Is this something that is possible to accomplish using splunk?   Thanks again, ... View more

Indexing Json Array field

by in Splunk Enterprise
‎07-19-2020 07:20 AM
‎07-19-2020 07:20 AM
Hey,    Can you please assist me with how to index this field: What I'm trying to do is to know which index has the 'true' value in it and take action accordingly. For example , in pseudo code: if(message.anomaly.features{}.anomaly[0] == true  then newfield = 0 Thanks! ... View more
Labels

Re: How to compare two approximately similar email...

by in Splunk Enterprise
‎07-17-2020 11:21 AM
‎07-17-2020 11:21 AM
Guess this is out of scope? 😕 ... View more

How to compare two approximately similar email add...

by in Splunk Enterprise
‎07-16-2020 04:34 AM
‎07-16-2020 04:34 AM
Hello All, I'm trying to create a query for finding if a sender email address is similar to recipient address. for example - in this case below I need to return TRUE- sender: john.smith@example.com recipient: johnsmith@gmail.com (or even recipient like-  johns@gmail.com) Is there a way to utilize spunk ES to search such approximate string comparison?   Thanks!! ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎07-23-2020 03:59 AM
Karma given to
View All